![[ Linux基于rhel的dns双向解析(内外网) ] [Linux 基于rhel的dns集群 ]-陌上烟雨遥](https://www.moluyao.wang/wp-content/uploads/2023/08/3453453434518224552.png)
一,基于rhel的dns双向解析
服务端
1,安装bind软件,启动软件,查看bind配置文件
[root@dns-server named]# yum install bind.x86_64 -y [root@dns-server named]# systemctl start named [root@dns-server named]# rpm -qc bind /etc/logrotate.d/named /etc/named.conf <<<主配置文件 /etc/named.iscdlv.key /etc/named.rfc1912.zones /etc/named.root.key /etc/rndc.conf /etc/rndc.key /etc/sysconfig/named /var/named/named.ca /var/named/named.empty /var/named/named.localhost /var/named/named.loopback2,编辑主配置文件
[root@dns-server named]# vim /etc/named.conf >>>>>>>>>注释zone语句块及之后的内容 /* zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key"; */ view localnet { <<<<<编辑内网模块 match-clients { 172.25.254.200; }; <<这个客户端只能解析到内网,这里不一定是ip,一个网段,多个ip都可以,多个ip用;空格隔开 zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; <<<<<<包含本地zone文件 }; view inter { <<<<外网模块 match-clients { any; }; <<<<其余人都解析到外网 zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.inter"; <<<<包含外网inter文件 }; 3,建立外网rfc1912.inter文件
[root@dns-server named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter4,修改rfc1912.inter文件
[root@dns-server named]# vim /etc/named.rfc1912.inter zone "westos.com" IN { type master; file "westos.com.inter"; <<<<zone改为inter,不添加新的语句块 allow-update { none; }; }; 注意:本实验的内网都在上几个实验中配置过了,所以只需要复制内网文件并做修改。
5,建立外网记录文件
[root@dns-server named]# cp -p westos.com.zone westos.com.inter6,编辑记录外网文件
原来的 $TTL 1D @ IN SOA dns.westos.com. zm.westso.com. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS dns.westos.com. dns A 172.25.254.100 www A 172.25.254.101 hehe A 172.25.254.201 lalala CNAME node1.westos.com. node1 A 172.25.254.111 node1 A 172.25.254.222 :%s/172.25.254/192.168.0/g >>>>>>>>>>>全局替换 $TTL 1D @ IN SOA dns.westos.com. zm.westso.com. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS dns.westos.com. dns A 192.168.0.100 www A 192.168.0.101 hehe A 192.168.0.201 lalala CNAME node1.westos.com. node1 A 192.168.0.111 node1 A 192.168.0.222客户端
内网测试
1,编辑nameserver
[root@dns-server named]# vim /etc/resolv.conf # Generated by NetworkManager nameserver 172.25.254.100 <<<服务端ip,这个一定要改 2,172.25.254.200这台主机上测试(上面我们规定的只能解析到内网)
[root@localhost ~]# dig www.westos.com ; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42723 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.westos.com. IN A ;; ANSWER SECTION: www.westos.com. 86400 IN A 172.25.254.101 <<<<<<<<内网ip ;; AUTHORITY SECTION: westos.com. 86400 IN NS dns.westos.com. ;; ADDITIONAL SECTION: dns.westos.com. 86400 IN A 172.25.254.100 ;; Query time: 0 msec ;; SERVER: 172.25.254.100#53(172.25.254.100) ;; WHEN: Mon May 21 12:42:53 EDT 2018 ;; MSG SIZE rcvd: 93 外网测试
1,编辑nameserver
[root@dns-server named]# vim /etc/resolv.conf # Generated by NetworkManager nameserver 172.25.254.100 <<<服务端ip,这个一定要改 2,非172.25.254.200这台主机(即其他主机都解析到外网)
[root@foundation156 ~]# dig www.westos.com ; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1136 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.westos.com. IN A ;; ANSWER SECTION: www.westos.com. 86400 IN A 192.168.0.101 <<<<<外网ip ;; AUTHORITY SECTION: westos.com. 86400 IN NS dns.westos.com. ;; ADDITIONAL SECTION: dns.westos.com. 86400 IN A 192.168.0.100 ;; Query time: 0 msec ;; SERVER: 172.25.254.100#53(172.25.254.100) ;; WHEN: Tue May 22 00:54:04 CST 2018 ;; MSG SIZE rcvd: 93二,基于rhel的dns集群
本实验基于以上的实验环境
服务端 master
1,修改主配置文件
[root@dns-server slaves]# vim /etc/named.conf 取消注释 zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key"; 注释下面内容 /* view localnet { match-clients { 172.25.254.200; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; }; view inter { match-clients { any; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.inter"; }; */2,修改rfc1912.zons文件
zone "westos.com" IN { type master; file "westos.com.zone"; allow-update { none; }; also-notify { 172.25.254.200; }; 这个不一定是一个ip,可以是多个slave,用;空格隔开,主动通知200这个slave更新 }; 3,重启服务
[root@dns-server slaves]# systemctl restart named服务端 slave (另一台主机)
1,配置软件环境
1.yum install bind -y 安装软件 2.systemctl start named 打开软件 3.systemctl enable named 设置开机启动 4.systemctl stop firewalld 关闭防火墙 5.systemctl disable firewalld 开机关闭防火墙2,配置name.conf文件
[root@localhost ~]# vim /etc/named.conf options { listen-on port 53 { any; }; <<<<开放53端口监听 listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; <<<<允许任何人使用dns dnssec-validation no; <<<<不进行安全认证 3,编辑zone文件
zone "localhost" IN { type master; file "named.localhost"; allow-update { none; }; }; zone "westos.com" IN { <<<<复制上面的修改 type slave; <<<<本机是slave masters { 172.25.254.100; }; <<<<主服务器ip file "slaves/westos.com.zone"; <<<注意!!!slaves不是slave 缓存到slaves/westos.com.zone文件中 allow-update { none; }; };4,重启服务
[root@localhost ~]# systemctl restart named 此时slaves目录下面就有文件 [root@localhost slaves]# ls westos.com.zone <<<这是一个数据文件,hexdump -c 可以查看,这个文件每被删除一次,重启服务就会更新一次 但是这样手动更新就太麻烦了,在master里面设置主动提示 1,服务端改变列表,但是不改变serial的值
[root@dns-server named]# cat westos.com.zone $TTL 1D @ IN SOA dns.westos.com. zm.westso.com. ( 0 ; serial <<<<不变 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS dns.westos.com. dns A 172.25.254.100 www A 172.25.254.103 <<<<<<改变这个102改为103 hehe A 172.25.254.201 lalala CNAME node1.westos.com. node1 A 172.25.254.111 node1 A 172.25.254.222 [root@dns-server named]# systemctl restart named !!!!!!!!2,
客户端(nameserver是master的ip)
[root@foundation156 ~]# dig www.westos.com ; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62344 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.westos.com. IN A ;; ANSWER SECTION: www.westos.com. 86400 IN A 172.25.254.103 <<<变了 ;; AUTHORITY SECTION: westos.com. 86400 IN NS dns.westos.com. ;; ADDITIONAL SECTION: dns.westos.com. 86400 IN A 172.25.254.100 ;; Query time: 0 msec ;; SERVER: 172.25.254.100#53(172.25.254.100) ;; WHEN: Tue May 22 09:49:27 CST 2018 ;; MSG SIZE rcvd: 93客户端(nameserver是slave的ip)
[root@foundation156 ~]# dig www.westos.com ; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50590 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.westos.com. IN A ;; ANSWER SECTION: www.westos.com. 86400 IN A 172.25.254.101 <<<<没变 ;; AUTHORITY SECTION: westos.com. 86400 IN NS dns.westos.com. ;; ADDITIONAL SECTION: dns.westos.com. 86400 IN A 172.25.254.100 ;; Query time: 0 msec ;; SERVER: 172.25.254.200#53(172.25.254.200) ;; WHEN: Tue May 22 09:51:52 CST 2018 ;; MSG SIZE rcvd: 93 3,服务端改列表的同时更改serial的值
$TTL 1D @ IN SOA dns.westos.com. zm.westso.com. ( 1 ; serial <<<变 <<<注意,每次更新这个列表都要更改这个数字,数字多少无所谓 只是方便slave做对比,如果这个数字变了,那么这个里面的内容肯定也变了,那么slave就会更新 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS dns.westos.com. dns A 172.25.254.100 www A 172.25.254.103 hehe A 172.25.254.201 lalala CNAME node1.westos.com. node1 A 172.25.254.111 node1 A 172.25.254.222 [root@dns-server named]# systemctl restart named4,客户端(nameserver是slave的ip)
[root@foundation156 ~]# dig www.westos.com ; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42885 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.westos.com. IN A ;; ANSWER SECTION: www.westos.com. 86400 IN A 172.25.254.103 <<<成功改变, ;; AUTHORITY SECTION: westos.com. 86400 IN NS dns.westos.com. ;; ADDITIONAL SECTION: dns.westos.com. 86400 IN A 172.25.254.100 ;; Query time: 0 msec ;; SERVER: 172.25.254.200#53(172.25.254.200) ;; WHEN: Tue May 22 09:54:07 CST 2018 ;; MSG SIZE rcvd: 93 注意:master如果不做serial值的更改,那么slave端删除slaves目录下的文件,然后restart也可以实现更新,dig出来的也是更新之后的解析地址
[root@localhost slaves]# ls westos.com.zone [root@localhost slaves]# rm -rf westos.com.zone [root@localhost slaves]# systemctl restart named <<<<<<<重启之后westos.com.zone文件恢复 [root@localhost slaves]# ls westos.com.zone原文链接:https://blog.csdn.net/ha_weii/article/details/80410127
© 版权声明
声明📢本站内容均来自互联网,归原创作者所有,如有侵权必删除。
本站文章皆由CC-4.0协议发布,如无来源则为原创,转载请注明出处。
THE END
